This repository has been archived by the owner on Oct 12, 2022. It is now read-only.
Bug 6376: core.thread.thread_scanAll doesn't scan the stack due to ASLR #43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… to ASLR on Mac OS X 10.7 When ASLR is enabled, the stack address of Mac OS X is no longer fixed at 0xc000_0000 -- actually, often higher than this. Previously, the function rt.memory.rt_stackBottom returns a hard-coded value of 0xc000_0000, which is no longer valid with ASLR. Functions which rely on this function could no longer work properly. In particular, core.thread.thread_scanAll cannot scan the main thread's stack since the stack pointer bounds are reversed. The GC, which marks whether pointers shouldn't be freed yet, will miss all the objects on stack as thread_scanAll is used. This causes pre-mature deallocation when a GC collection is invoked. In particular, when throwing an exception (the pointer is on stack), the TraceInfo allocated is > 2 KiB, which will cause a page allocation that invokes the GC. This makes the exception object be destroyed before checking its type, making it totally uncatchable and ignored, thus previously unreachable statements after the 'throw' will now be reachable, and other undefined behavior will arise.
|
I can confirm that using |
|
Thanks, all, for getting this done. |
|
Could we please try to clear out the remaining issues, if any, and merge this to |
WalterBright
added a commit
that referenced
this pull request
Aug 2, 2011
Bug 6376: core.thread.thread_scanAll doesn't scan the stack due to ASLR
redstar
pushed a commit
to redstar/druntime
that referenced
this pull request
Jan 10, 2016
MSVCx86: replace __vcrt_getptd with __processing_throw
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes bug 6376:
core.thread.thread_scanAlldoesn't scan the stack due to ASLR on Mac OS X 10.7When ASLR is enabled, the stack address of Mac OS X is no longer fixed at
0xc000_0000— actually, often higher than this. Previously, the functionrt.memory.rt_stackBottomreturns a hard-coded value of0xc000_0000, which is no longer valid with ASLR. Functions which rely on this function could no longer work properly. In particular,core.thread.thread_scanAllcannot scan the main thread's stack since the stack pointer bounds are reversed. The GC, which marks whether pointers shouldn't be freed yet, will miss all the objects on stack as thread_scanAll is used. This causes pre-mature deallocation when a GC collection is invoked. In particular, when throwing an exception (the pointer is on stack), the TraceInfo allocated is > 2 KiB, which will cause a page allocation that invokes the GC. This makes the exception object be destroyed before checking its type, making it totally uncatchable and ignored, thus previously unreachable statements after the 'throw' will now be reachable, and other undefined behavior will arise.